There is a mounting gap between what the headlines say about the costs of cyber insecurity to the U.S. economy and the results of data-driven research on this topic—with negative implications for cybersecurity. Congress should move to narrow the gap by passing a federal law that takes two steps to protect data. First, it should require companies that possess sensitive personal information to publicly disclose when significant breaches of this information occur.
Andrew J. Grotto is a William J. Perry International Security Fellow at the Freeman Spogli Institute and a research fellow at the Hoover Institution, both at Stanford University. He is also a fellow of the Stanford Cyber Initiative. He served as senior director for cyber policy on the National Security Council during the Obama and Trump administrations from late 2015 through May of 2017.
In February, the White House attributed “the most destructive and costly cyberattack in history,” a summer 2017 attack affecting critical infrastructure and other victims around the world, to Russian intelligence services. The malicious code used in the attack, known as NotPetya, permanently encrypts the data on the computers that it has infected, essentially destroying them.